RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/roles/firewall_alpine
History
Rasmus Wejlgaard ef0ccdd84a fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering 
The rules.v4.j2 template deployed a ruleset with INPUT ACCEPT and zero
custom rules — effectively a no-op. nuremberg-a is a public-facing mail
server and needs actual filtering.

Changes:
- INPUT default policy set to DROP
- Allow loopback, established/related, Tailscale interface, SSH, ICMP
- FORWARD stays ACCEPT for Docker port-forwarding
- Added firewall_alpine_extra_input_rules variable for host-specific rules

Mail ports remain handled by Docker's FORWARD chain, not INPUT.

Closes PESO-119
2026-04-02 20:17:28 +00:00
..
defaults capture nuremberg-a firewall rules in pez-infra (#15) 2026-03-29 14:40:10 +01:00
handlers Fix docker-compose package conflict and alpine firewall handler (#22) 2026-03-29 19:11:52 +01:00
tasks capture nuremberg-a firewall rules in pez-infra (#15) 2026-03-29 14:40:10 +01:00
templates fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering 2026-04-02 20:17:28 +00:00